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DETAILED ACTION 

Claims 1-16 liave been considered. 

Specification 

5 A grammatical error exists in the second sentence of the ninth paragraph. The word 
"identifying" should be "identify". Appropriate correction is required. 

A grammatical error exists in the second sentence of the tenth paragraph. The word "of 
should be inserted after the word "indicating". Appropriate correction is required. 

10 

An identification error exists in the twenty-fifth sentence of the twenty-first paragraph. 
USB stands for "Universal Serial Bus". Appropriate correction is required. 

Claim Objections 

1 5 Claims 14-16 are objected to because of the following informalities: the claims 

depend on claim 12, while the preamble suggests they should depend on claim 13. The 
examiner will assume the claims depend on claim 13. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

20 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent 
by another filed in the United States before the invention thereof by the applicant 
25 for patent, or on an international application by another who has fulfilled the 

requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before 
the invention thereof by the applicant for patent. 
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The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AlPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
5 Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AlPA (pre-AlPA 35 U.S.C. 102(e)). 

Claims 5,6,8,13,14, and 16 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Vaeth, U.S. Patent No. 6,308,277. 

10 As per claim 5, Vaeth discloses a method of preventing ID spoofing comprising: 

a) allowing a user to access a registration server (column 7, lines 55-60); 

b) upon the registration server receiving identification information from the user 
and also receiving a request by the user for a new signature certificate, the registration 
server querying a directory to obtain information regarding the identified user (column 8, 

15 lines 6-10, 21-23); 

c) upon the registration server receiving information from the directory indicating 
that the identified user is not in the directory, the registration server informing the user 
that a new signature certificate will not be issued, thereby preventing an unauthorized 
user from ID spoofing to obtain a valid signature certificate (column 8, lines 41-44). 

20 

As per claims 6 and 14, Vaeth limits the method/apparatus of independent claims 
5 and 13, further comprising providing user identifiers and their corresponding digital 
signature certificates in said directory (column 8, lines 7-10, 41-44). 
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As per claims 8 and 16, Vaeth limits the method/apparatus of independent claims 
5 and 13, further comprising providing a personal revocation authority to revoke a user's 
previous signature certificate, the personal authority being chosen so as to personally 
recognize a user (column 8, 41-45). The applicant should note that Vaeth refers to the 
5 revocation authority as "RA". 

As per claim 1 3, the applicant discloses all the claim limitations of claim 5, which 
are met by Vaeth as described above, with the following additional limitation which is 
also met by Vaeth: 

1 0 a directory accessible by the registration server, the directory storing information 

regarding all users (column 8, lines 7-10). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

1 5 obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
20 to a person having ordinary skill in the art to which said subject matter pertains. 

Patentability shall not be negatived by the manner in which the invention was 
made. 

Claims 1-4,7,9-12, and 15 are rejected under 35 U.S.C. 103(a). Claims 
25 1,2,4,9,10, and 12 are unpatentable over Vaeth and further in view of Asay, U.S. Patent 



Application Publication No. 2002/0062438. 
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As per claim 1 , the applicant discloses the claim limitations of claim 5, which are 
met by Vaeth as described above, with the following additional limitation which is met by 
Asay: 

upon the registration server receiving information from the directory indicating 
5 that the identified user already possesses a signature certificate, the registration server 
informing the user that a new signature certificate will not be issued until the old 
signature certificate has been revoked, thereby preventing an unauthorized user from ID 
spoofing to obtain a valid signature certificate (paragraph [0065] and paragraph [0142]). 
It should be noted that Asay refers to the user as a subscriber. It should also be 

1 0 noted that the automatic process by which the old certificate is revoked before the user 
gets the new certificate requires that the user's request to revoke the certificate is in the 
standby application as implied in the first sentence of paragraph [0142]. In a simitar 
fashion, applicant's claim 1 discloses that the user is informed by the certificate authority 
that in order to get a new certificate he has to give up his old one. Asay has disclosed a 

1 5 security method whereby an automatic revocation of an old certificate takes place when 
a new certificate is issued in a user's standby certificate application. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have combined the ideas of Asay with the ideas of Vaeth. As Asay further 
elaborates in paragraph [0015], "Suspending and/or revoking certificates are an 

20 important means of minimizing the consequences of errors by the certification authority 
or subscriber. Depending on applicable legal rules, a certification authority may avert 
further loss due to inaccuracy in the certificate by revoking it. A subscriber can revoke a 
certificate to prevent reliance on digital signatures created using a compromised, e.g., 
lost or stolen, private key". Thus, one of ordinary skill in the art at the time of the 
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invention would have been motivated to combine the ideas of Vaeth with the ideas of 
Asay to create a secure certificate environment. 

As per claims 2 and 10, the applicant limits independent claims 1 and 9, which 
5 are met by Vaeth in further view of Asay, with the following limitation which is also met 
by Vaeth: 

further comprising providing user identifiers and their corresponding digital 
signature certificates in said directory (column 8, lines 7-10, 41-44). 

10 As per claims 4 and 12, the applicant limits independent claims 1 and 9, which 

are met by Vaeth in further view of Asay, with the following limitation which is also met 
by Vaeth: 

further comprising providing a personal revocation authority to revoke a user's 
previous signature certificate, the personal revocation authority being chosen so as to 
15 personally recognize a user (column 8, lines 41-45). 



As per claim 9, the applicant limits independent claim 5, which is met by Vaeth in 
further view of Asay, with the following additional limitation which is also met by Vaeth: 
a directory accessible by the registration server, the directory storing information 
20 regarding all users (column 8, lines 7-1 0). 



Claims 3,7,1 1 , and 1 5 are unpatentable over Vaeth and Asay and further in view 
of Zhou. 
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As per claims 3,7,11, and 1 5, tine applicant limits independent claims 1,5,9, and 
13 which are met by Vaeth in further view of Asay in the case of 1 and 9 and Asay in the 
case of 5 and 13, with the following limitation which is met by Zhou: 

further comprising providing an authoritative database including user identifiers, 
5 wherein the directory is updated from the authoritative database. 

Zhou discloses the benefit of using directory integration with an authoritative 
database of user identifiers which he calls a metadirectory. In the second paragraph 
Zhou writes, "Directory integration lets network administrators manage directory 
information from one directory and automate the process of changing information in 
1 0 multiple directories. In the short run, directory integration lowers the cost of directory 
management because it reduces human involvement in directory management. A 
comprehensive directory-integration system often requires an enterprise directory to 
store and unify directory information in a central repository, or metadirectory. In the long 
run, you can incorporate into a metadirectory new network services— for example, ... 
1 5 public key infrastructure (PKI), to manage digital certificates for e-commerce". It would 
have been obvious to one of ordinary skill in the art at the time the invention was filed to 
have combined the ideas of Zhou with the ideas of Asay and Vaeth because one would 
have motivation to use an authoritative database to better manage digital certificates as 
Zhou discloses. 



25 



Any inquiry concerning this communication or eartier communications from the 
examiner should be directed to Kevin Schubert whose telephone number is (571) 272- 
4239. The examiner can normally be reached on M-F 8:00-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
5 Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
10 Center (EBC) at 866-217-9197 (toll-free). 




1 5 MATTHEW SMITHERS 

PRIMARY EXAMINER 



